Job Description

Roles and Responsibilities:-

Maintenance:

• Ensure Review of policies and procedures on a periodic basis or whenever there is change and place it for Management approvals to board on a timely fashion
• Preparation of architectural diagrams and technical documentations for audit and regulatory purposes along with stakeholders and consultants 
• Ensure the Business Impact Assessment of new businesses, applications etc.
• Ensure Risk assessments for all IT assets and processes periodically and ensure RA/ RT is in place.
• Run project management for implementation of various security controls by liaising with different teams. 
• Renewal of certifications on time.(ISO and PCI DSS)
• Review all merchant and IT vendor contracts for clauses w.r.t information security and regulatory requirements

Monitoring and Guidances:

• Exception management, review (periodic) controls, analyse and make appropriate recommendation
• Provide guidance to the stakeholders with respect to the contractual obligation on IT policy management and process implementations.
• Provide Guidance to stakeholders on Periodic updation to BCP strategy, liaising with teams to perform drills etc.Guide team members on planning Phishing and other information security drills
• Evaluation of vendors ,review of internal tool reviews for SRE /Engg teams /PhonePe functions from Data security angle

Regulatory and Compliance audits:

• Interpret IT control requirements from regulatory guidelines and circulars and prepare a detailed framework for implementation and Advisory on implementation of information security controls 
• Ensure that IT regulatory requirements are tracked and continuously monitored. 
• Plan audit calendars and schedule the same
• Manage all internal and external audits related to IT and Non IT .
• Plan and Overseeing all IT audits (12 audits including CISA (PPI) ,RBI/ ReBIT Audit, CIS (insurance), PCI DSS, partner bank audits, ISO 27k ,Stat audits ,NPCI audits etc .
• Forefronting all the audits and act as POC for all escalations for any audit related activities
• Liaise with auditors to explain infosec posture, org structure, provide technical architecture overview, process understanding on IT controls etc. 
• Support management to provide audit finding responses, implementation of controls as per audit recommendations etc and ensure all IT audit observations are taken to closure 

 Vendor Risk Management: 

• Manage Third party risk assessment for all IT vendors ,review the risk categorisation on a regular basis and evaluate the vendor security control inventory and ensure continuous evaluation of vendors 
• Evaluate the review results of consultants and ascertain the adequacy of control testing.
• Evaluation of IT vendors on the security posture before onboarding.

Roles & Responsibilities

as above

Your Skills and experience

Your Experience and qualifications

Role Requirements:- (Manager)

• 6 to 8 years of work experience, BE / relevant experience in Group 4 consultancies, or likes of Group 4 . CISA / DISA / CIA preferred for SM roles.
• Has high ethical standards and are able to work diligently to complete your duties.
• Has an analytical mind able to “see” the complexities of procedures and regulations.
• Demonstrate the ability to plan and execute projects single handedly.

Company Details

About Company

PhonePe

Company Information

PhonePe AML/FS Compliance team plays a critical role in the successful execution of the organization’s compliance mission. The AML Compliance function ensures the development and maintenance of a strong compliance culture by developing and maintaining program infrastructure that identifies, measures and monitors compliance with applicable laws, regulations and rules that govern our business. Compliance team works closely with business, legal, risk and other functions to provide expertise on regulatory compliance matters, assess and measure controls and related risks, monitor and test the adequacy of the firm’s compliance control environment. Examine and evaluate the adequacy, efficiency and effectiveness of the organization's internal controls systems and procedures and recommend corrective actions to improve operations, enhance internal controls. Compliance monitoring refers to the quality assurance tests organizations do to check how well their business operations meet their regulatory and internal process obligations. This function is responsible for monitoring and testing the controls implemented within each function with respect to regulatory framework and from an internal process management perspective. Team is responsible for all regulatory filing requirements as defined by various applicable regulatory bodies.

How to Apply

To check the email or link to apply for this job, just LOGIN using your Social Login below (No need to register separately)
NOTE: If you are using MOBILE and if you want to use GMAIL login through LINKEDIN Browser, then Google will not allow you to login and will give ERROR. You need to "Open Link in Browser" and then try to login.